ansible-host/files/nibtech-sshd.conf

# Note that while many of these are the defaults, this file is loaded after
# other drop-in configuration files, and so ensures that the defaults are still
# the defaults.

# Authentication
#   Dis-allow password authentication [Default: yes]
#   Dis-allow root login [Default: prohibit-password]
#   Dis-allow empty password login attempts [Default: no]
#   Disable keyboard-interactive authentication [Default: yes]
PasswordAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
KbdInteractiveAuthentication no

# Enable PAM ("If UsePAM is enabled, you will not be able to run sshd as a
# non-root user" -- handy!) [Default: no]
# WARNING: 'UsePAM no' is not supported in RHEL and may cause several problems
UsePAM yes

# Disable X11 Forwarding [Default: no]
X11Forwarding no

ClientAliveInterval 300
ClientAliveCountMax 2

# Restrict to only NibTech logins
AllowGroups nibtech
Host Setup, User Setup, SSH Configuration 2025-06-23 13:10:20 -04:00			`# Note that while many of these are the defaults, this file is loaded after`
			`# other drop-in configuration files, and so ensures that the defaults are still`
			`# the defaults.`

			`# Authentication`
			`# Dis-allow password authentication [Default: yes]`
			`# Dis-allow root login [Default: prohibit-password]`
			`# Dis-allow empty password login attempts [Default: no]`
			`# Disable keyboard-interactive authentication [Default: yes]`
			`PasswordAuthentication no`
			`PermitRootLogin no`
			`PermitEmptyPasswords no`
			`KbdInteractiveAuthentication no`

			`# Enable PAM ("If UsePAM is enabled, you will not be able to run sshd as a`
			`# non-root user" -- handy!) [Default: no]`
			`# WARNING: 'UsePAM no' is not supported in RHEL and may cause several problems`
			`UsePAM yes`

			`# Disable X11 Forwarding [Default: no]`
			`X11Forwarding no`

			`ClientAliveInterval 300`
			`ClientAliveCountMax 2`

			`# Restrict to only NibTech logins`
			`AllowGroups nibtech`